RE: Promiscuous email printing in Canon imageRunner

["Eric McCarty" <eric () lawmpd com>]

You think that's bad?, HP Laserjet 4000's, 4100's, 4200's and others
accept any print job you FTP to them, and its anonymous ftp so anyone
can ftp in and send over a print job using the PUT command. This is
nothing new and has been long reported however. 

The trick would be finding a way to upload files to the onboard printer
memory and keep them there, 64mb of space to hide a tarball or zip of
utils would defintely be nice on campus networks. 

Eric

-----Original Message-----
From: Matthew E. Lauterbach [mailto:mlauterbach () mail wtamu edu] 
Sent: Monday, September 27, 2004 2:02 AM
To: bugtraq () securityfocus com
Subject: RE: Promiscuous email printing in Canon imageRunner

On Thursday, September 23, 2004 5:44 PM Andrew Daviel wrote:
> The Canon iR5000i digital printer (and probably other imageRunner 
> models) has a somewhat undocumented print-from-email feature.
>
> Any text/plain email sent to port 25 on the device will be printed.
> The MAIL FROM and RCPT TO values are not authenticated or even checked

> for syntax.
 
The Canon iR85 does not seem to have this "feature".  Doing "telnet
10.0.0.1 25" to either of my iR85 printers returns "Could not open
connection to the host, on port 25: Connect failed".

Matt Lauterbach